A couple of months ago, I wrote an article about the new Microsoft Hyper-V UEFI in Windows Server 2019 and Windows 10 virtual machines. With that version Microsoft also released a new Hyper-V VM configuration version 9.0. This is not unusual, the Hyper-V teams usually bumps up the version number from release to release, since new Hyper-V features are introduced. In the comments, the question came up, what is new in this version of the Hyper-V VM configuration, Since the version was still a preview release of Windows Server and Windows 10, Microsoft didn’t share the full list of features per configuration version. However, now the documentation is ready and you can find the documentation here.

Supported features

The following table shows the minimum virtual machine configuration version required to use some Hyper-V features.

Windows Server

Windows 10

Version

Feature

Windows Server 2016 Technical Preview 3

Windows 10 1507

6.2

Hot Add/Remove Memory

Windows Server 2016 Technical Preview 3

Windows 10 1507

6.2

Secure Boot for Linux VMs

Windows Server 2016 Technical Preview 3

Windows 10 1507

6.2

Production Checkpoints

Windows Server 2016 Technical Preview 3

Windows 10 1507

6.2

PowerShell Direct

Windows Server 2016 Technical Preview 3

Windows 10 1507

6.2

Virtual Machine Grouping

Windows Server 2016 Technical Preview 4

Windows 10 1511

7.0

Virtual Trusted Platform Module (vTPM)

Windows Server 2016 Technical Preview 5

7.1

Virtual machine multi queues (VMMQ)

Windows Server 2016

Windows 10 Anniversary Update

8.0

XSAVE support

Windows Server 2016

Windows 10 Anniversary Update

8.0

Key storage drive

Windows Server 2016

Windows 10 Anniversary Update

8.0

Guest virtualization-based security support (VBS)

Windows Server 2016

Windows 10 Anniversary Update

8.0

Nested virtualization

Windows Server 2016

Windows 10 Anniversary Update

8.0

Virtual processor count

Windows Server 2016

Windows 10 Anniversary Update

8.0

Large memory VMs

Windows Server 1803

Windows 10 April 2018 Update

8.3

Increase the default maximum number for virtual devices to 64 per device (e.g. networking and assigned devices)

How to list the supported VM configuration versions

You can list all supported VM configuration versions on your Hyper-V host using the Get-VMHostSupportedVersion cmdlet.

1

Get-VMHostSupportedVersion

If you want to see the version of a Hyper-V virtual machine, you can use Hyper-V Manager or the following PowerShell command:

1

Get-VM

Full list of Hyper-V VM versions

Here you have a full list of VM configuration versions of Hyper-V VMs together with the operating system.

Windows Client

Windows Server

Version

Windows Server 2008

1.0

Windows Server 2008 SP1

2.0

Windows Server 2008 R2

3.0

Windows 8

Windows Server 2012

4.0

Windows 8.1

Windows Server 2012 R2

5.0

Windows 10 1507

Windows Server 2016 Technical Preview 3

6.2

Windows 10 1511

Windows Server 2016 Technical Preview 4

7.0

Windows Server 2016 Technical Preview 5

7.1

Windows 10 Anniversary Update

Windows Server 2016

8.0

Windows 10 Creators Update

8.1

Windows 10 Fall Creators Update

Windows Server 1709

8.2

Windows 10 April 2018 Update

Windows Server 1803

8.3

Windows 10 October 2018 Update

Windows Server 2019 / 1809

9.0

Windows 10 April 2019 Update

Windows Server 1903

9.1

Prerelease

Prerelease

254.0

Experimental

Experimental

255.0

How to upgrade Hyper-V VM configuration version

Upgrading the Hyper-V VM version is pretty straight forward. If the VM is running on a host supporting a newer version of Hyper-V VMs, you can right click the virtual machine in the Hyper-V Manager and click on upgrade or you can run the Update-VMVersion PowerShell cmdlet.

1

Update-VMVersion

I hope this blog was help full for understanding Hyper-V VM versions, let me know if you have any questions in the comments!

This is not really a new feature, it exists already for a while, but it seems that still a lot of people don’t know about it. Azure Backup not only allows you to backup services in Azure or Windows Server and services on-premises, Azure Backup can also backup your Windows Client PC.

Azure Backup for your Windows 10 PC allows you to backup Files and Folders and store and backup them to the cloud. You can use this for small environments, VIP machines or for remote workers which are always on the road. Data is encrypted on the on-premises client machine using AES256 and the data is sent over a secure HTTPS link. Backups are stored encrypted in Azure with the customers own key.

I use Azure Backup for my own devices. I am often on the road and working on different documents and files. Obviously I also use OneDrive and OneDrive for Business, which also allows you to restore files after you delete them. However, the retention rate is way to short and it is not a backup. Azure Backup in that case is a great addition. You can backup your files where ever you are.

Setup Azure Backup for Windows Clients

First you will need to setup a Azure Recovery Services Vault in Microsoft Azure. This is the service which your backups will be stored.

Microsoft very quickly responded to the speculative execution side-channel vulnerabilities also called Meltdown and Spectre which affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM. Microsoft released some guidance how you should protect your devices against these vulnerabilities. The Microsoft Security Defense Team also published an article with guidance and more details on this: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

In this blog post I tried to quickly summarize the information and link it to the right websites.

Summary

Microsoft is aware of detailed information that has been published about a new class of vulnerabilities referred to as speculative execution side-channel attacks. This industry-wide attack method takes advantage of out-of-order execution on many modern microprocessors and is not restricted to a single chip, hardware manufacturer, or software vendor. To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has collaborated closely with industry partners to develop and test mitigations to help provide protections for our customers. At the time of publication, Microsoft had not received any information to indicate that these vulnerabilities have been used to attack our customers.

Note This issue also affects other operating systems, such as Android, Chrome, iOS, and MacOS.

Warning

Microsoft addressed protect against speculative execution side-channel vulnerabilities in the latest Windows Updates. However, customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows update.

Guidance for Windows Client

Customers should take the following actions to help protect against the vulnerabilities:

Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.

Apply all available Windows operating system updates, including the January 2018 Windows security updates.

Apply the applicable firmware update that is provided by the device manufacturer

Windows-based machines (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.

Your server is at increased risk if it is in one of the following categories:

Hyper-V hosts

Remote Desktop Services Hosts (RDSH)

For physical hosts or virtual machines that are running untrusted code such as containers or untrusted extensions for database, untrusted web content or workloads that run code that is provided from external sources.

There for Microsoft posted some additional registry keys to mitigations on servers. Microsoft also added some extra registry keys if you are running older versions of Hyper-V.

Guidance for Virtual Machines running on Hyper-V

In addition to this guidance, the following steps are required to ensure that your virtual machines are protected from CVE-2017-5715 (branch target injection):

Ensure guest virtual machines have access to the updated firmware. By default, virtual machines with a VM version below 8.0 will not have access to updated firmware capabilities required to mitigate CVE-2017-5715. Because VM version 8.0 is only available starting with Windows Server 2016, users of Windows Server 2012 R2 or earlier must modify a specific registry value on all machines in their cluster.

Perform a cold boot of guest virtual machines.Virtual machines will not see the updated firmware capabilities until they go through a cold boot. This means the running VMs must completely power off before starting again. Rebooting from inside the guest operating system is not sufficient.

Update the guest operating system as required. See guidance for Windows Server.

Guidance for Surface Devices

Microsoft will provide UEFI updates for the following devices:

Surface Pro 3

Surface Pro 4

Surface Book

Surface Studio

Surface Pro Model 1796

Surface Laptop

Surface Pro with LTE Advanced

Surface Book 2

The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center.

Guidance for Azure

Microsoft has already deployed mitigations across the majority of our cloud services and is accelerating efforts to complete the remainder.

However, I always recommend that you also patch your operating systems and applications to be protected against other vulnerabilities.

Impact to Enterprise Cloud Services

Microsoft is not aware of any attacks on the Microsoft Cloud customers which leverage these types of vulnerabilities. Microsoft employs a variety of detection capabilities to quickly respond to any malicious activity in our enterprise cloud services.

Most of the Azure infrastructure has already received mitigations against this class of vulnerability. An accelerated reboot is occurring for any remaining hosts. Customers can check the Azure Portal for additional details.

All other enterprise cloud services such as Office 365, Dynamics 365, and Enterprise Mobility + Security have mitigations against these types of vulnerabilities. Microsoft engineering is continuing to perform analysis across the environments to confirm further protection.

Some variations of these vulnerabilities apply also to the virtual machines (VMs) that are running in the tenant space. Customers should continue to apply security best practices for their VM images, and apply all available operating system updates to the VM images that are running on Azure Stack. Contact the vendor of your operating systems for updates and instructions, as necessary. For Windows VM customers, guidance has now been published and is available in this Security Update Guide.

Guidance for SQL Server

The following versions of Microsoft SQL Server are impacted by this issue when running on x86 and x64 processor systems:

SQL Server 2008

SQL Server 2008 R2

SQL Server 2012

SQL Server 2014

SQL Server 2016

SQL Server 2017

IA64-based versions of SQL Server 2008 are not believed to be affected.

Microsoft made a list of different SQL Server scenarios depending on the environment that SQL Server is running in and what functionality is being used. Microsoft recommends that you deploy fixes by using normal procedures to validate new binaries before deploying them to production environments.

Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM.

Note This issue also affects other systems, such as Android, Chrome, iOS, and MacOS, so we advise customers to seek guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See the following sections for more information.

Microsoft has not yet received any information to indicate that these vulnerabilities have been used to attack customers. Microsoft continues working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software as well.

1

2

3

4

5

# Install the PowerShell module

Install-Module SpeculationControl

# Run the PowerShell module to validate protections are enabled

Get-SpeculationControlSettings

Enabled protections will show in the output as “True” like in this screenshot here

Last week I got the Microsoft Surface Precision Mouse delivered. The Surface Precision Mouse will become the replacement mouse for my Microsoft Sculpt Mouse, which I used for the last couple of years. Now I want to give you some impressions about the Surface Precision Mouse, since I am very happy and very surprised about the feature set.

First of all the Microsoft Surface Precision Mouse feels awesome, very high quality and it is very comfortable in your hand. It feels very precise and you get very quickly used to it.

Now let me write about some extra features you might didn’t know about. You first get a button to configure the scroll wheel in two different speeds, one feels very light and fast and the other one is slower and is more resistant, so you can choose what you like more and switch between them, depending on your task.

Of course you get some extra buttons which you can customize with different shortcuts, for example to open the Windows 10 Tasks View or other applications. You can also customize the buttons depending on the application you are working with.

By already having the perfect mouse, in terms of feeling, comfort, precision and customizability, you get a really cool extra feature. The Surface Precision Mouse gives you more multi-tasking power by allowing you to work seamlessly across up to three computers, supports both Bluetooth and wired USB connections. You can pair your Surface Precision Mouse with three different devices and you can manually switch between them with the button on the bottom of the mouse, or you can use something called Smart Switch.

Smart Switch on the Surface Precision Mouse can be enabled by using the Microsoft Mouse and Keyboard Center. It allows you to setup the workplace layout in the app and now you can move the cursor to the border of the screen and the mouse will seamlessly switch to the other device. So if you are working on your desktop and you have your notebook right next to it, you can easily move the mouse from one device to the other.

Overall I am super happy with the new device!

Surface Precision Mouse Specs

The mouse also works with Windows 7, Windows 10, Windows 8.1 and macOS devices as long as they support Bluetooth 4.0 or higher.

Microsoft works heavily on their Microsoft Azure Recovery Services and releases new features for its Azure Backup software. Some of these new features need a new version of the Azure Backup Agent, or MARS Agent, to work.

Now if you install a new recovery vault in Azure to get started with Azure Backup you will find a link to download the Azure Backup Agent or sometimes you will see warnings in the Azure Backup MMC console with a link to a newer version of the Azure Backup Agent. But if you just want to download the latest MARS Agent, sometimes it is pretty hard to find, so let me help you with this link:

After the first minutes of setup I quickly wanted to run disk optimization, which for SSDs usually does quick trim operations. In my case this was running way longer then on my Surface Book, so I checked what was going on, and I realized that it was running Optimization on a Storage Spaces Virtual Disk, which is kind of strange.

I checked the disk configuration and really, my Surface Pro (2017) does have a Storage Spaces Virtual Disk which it boots from. The Storage Spaces Pool does include two physical 512GB NVMe drives with one Virtual Disk on top configured as simple (striped) volume. Right now I don’t know how they did it, but it seems now possible to boot Windows from a Storage Spaces Virtual Disk with the Windows 10 Creators Update or some Surface team magic. Then when Storage Spaces was introduced with Windows 8, boot from Storage Spaces was not possible.

Follow Me

About

My name is Thomas Maurer. I am a Senior Cloud Advocate at Microsoft. I am part of the Azure engineering team and engage with the community and customers around the world. I am located in Switzerland. I am focusing on Microsoft technologies, especially cloud and datacenter solutions based on Microsoft Azure, Azure Stack and Windows Server. Opinions are my own.